vdb



Constants

// Cache TTLs for cached reads, presumably passed as the ttl argument of
// Client.DoRequestCached; callers pick one per endpoint according to how
// often that endpoint's data changes.
const (
	// StaticEnumTTL is the cache TTL for slowly-changing enumeration endpoints.
	StaticEnumTTL = 1 * time.Hour
	// PaginatedEnumTTL is the cache TTL for paginated list endpoints.
	PaginatedEnumTTL = 5 * time.Minute
)
// Client defaults and request-signing constants.
//
// Region, Service and Algorithm are the credential-scope values for the
// SigV4-style signing used by NewClient. Note that Algorithm names SHA-512,
// not the SHA-256 of standard AWS SigV4, so a stock AWS signer cannot be
// substituted without changing the hash.
const (
	DefaultBaseURL    = "https://api.vdb.vulnetix.com" // API origin; presumably the default for Client.BaseURL
	DefaultAPIVersion = "/v1"                          // version path prefix; presumably the default for Client.APIVersion
	Region            = "us-east-1"                    // signing-scope region
	Service           = "vdb"                          // signing-scope service name
	Algorithm         = "AWS4-HMAC-SHA512"             // signing algorithm identifier (SHA-512 variant)
	TokenExpiry       = 15 * time.Minute               // presumably the lifetime applied to a cached JWT (see TokenCache, GetToken) — confirm
	MaxRetries        = 2                              // presumably bounds the transient-error retries in DoRequest — confirm
	BaseBackoff       = 2 * time.Second                // presumably the initial delay between those retries — confirm
)

Variables

This section is empty.

Functions

func LoadCredentials

func LoadCredentials() (orgID, secretKey string, err error)

LoadCredentials loads VDB credentials using the centralized auth package. Returns orgID and secretKey for backward compatibility with existing callers.

func LoadFullCredentials

func LoadFullCredentials() (*auth.Credentials, error)

LoadFullCredentials loads credentials as a full Credentials struct

Types

type CVEInfo

// CVEInfo represents vulnerability information for a CVE.
//
// The decoded response is kept untyped because the API may return either a
// JSON array or a JSON object for this endpoint.
type CVEInfo struct {
	Data interface{} // Store full response for display (array or object)
}

CVEInfo represents vulnerability information for a CVE

type Client

// Client represents a VDB API client.
//
// SecretKey and APIKey carry credential material in exported, untagged
// fields: formatting a Client with %+v/%#v or JSON-encoding it would expose
// them, so never log or serialize the struct as a whole. LastRateLimit and
// LastCacheStatus are informational only (see RateLimitInfo); they are not
// inputs to any enforcement.
type Client struct {
	BaseURL         string            // API origin (see DefaultBaseURL)
	APIVersion      string            // version path prefix (see DefaultAPIVersion)
	OrgID           string            // organisation identifier used for auth
	SecretKey       string            // SigV4-style signing secret — sensitive, keep out of logs
	AuthMethod      auth.AuthMethod   // selects between SigV4-style and Direct API Key auth, presumably
	APIKey          string            // hex digest for Direct API Key auth
	HTTPClient      *http.Client      // NOTE(review): confirm NewClient sets a Timeout on this client — not visible here
	LastRateLimit   *RateLimitInfo    // rate-limit headers parsed from the most recent response, presumably; nil before any request
	LastCacheStatus string            // "HIT", "MISS", "LOCAL", "REVALIDATED", or "" if no X-Cache header
	Cache           *cache.DiskCache  // on-disk cache consulted by DoRequestCached
	NoCache         bool              // presumably bypasses the cache entirely — confirm
	RefreshCache    bool              // presumably forces a fresh fetch that replaces the cached entry — confirm
	FallbackCreds   *auth.Credentials // community creds to use when quota exhausted; nil = disabled
	UsingFallback   bool              // true after client switched to fallback (readable by cmd layer)
	// contains filtered or unexported fields
}

Client represents a VDB API client

func NewClient

func NewClient(orgID, secretKey string) *Client

NewClient creates a new VDB API client using SigV4 auth

func NewClientFromCredentials

func NewClientFromCredentials(creds *auth.Credentials) *Client

NewClientFromCredentials creates a VDB API client from centralized credentials

func (*Client) CritLookup

func (c *Client) CritLookup(provider, service, resourceType string) (*CritLookupResponse, error)

CritLookup queries the VDB for vulnerabilities matching a CRIT template. The CRIT template is defined by provider (e.g. "aws"), service (e.g. "ec2"), and resourceType (e.g. "instance").

func (*Client) DoRequest

func (c *Client) DoRequest(method, path string, body interface{}) ([]byte, error)

DoRequest performs an authenticated API request with retry for transient errors.

func (*Client) DoRequestCached

func (c *Client) DoRequestCached(method, path string, body interface{}, ttl time.Duration) ([]byte, error)

DoRequestCached performs an authenticated, cached GET request. For non-GET or when cache is disabled, it falls through to DoRequest.

func (*Client) DoRequestMultipart

func (c *Client) DoRequestMultipart(path, filePath, fileField string, fields map[string]string) ([]byte, error)

DoRequestMultipart performs an authenticated multipart/form-data API request.

func (*Client) DoRequestRawBody

func (c *Client) DoRequestRawBody(method, path string, body []byte, contentType string) ([]byte, error)

DoRequestRawBody performs an authenticated API request with a raw body (not JSON-marshaled).

func (*Client) EOLPackageVersion added in v1.35.1

func (c *Client) EOLPackageVersion(ecosystem, packageName, version string) (*EOLReleaseResponse, error)

EOLPackageVersion retrieves EOL lifecycle data for a specific package version. Returns (nil, nil) when the package/version is not in the VDB EOL database (404). Endpoint: GET /v1/eol/packages/{ecosystem}/{package}/versions/{version}

func (*Client) EOLProduct

func (c *Client) EOLProduct(product string) (*EOLProductResponse, error)

EOLProduct retrieves product metadata and all releases for an EOL product.

func (*Client) EOLRelease

func (c *Client) EOLRelease(product, release string) (*EOLReleaseResponse, error)

EOLRelease retrieves lifecycle data for a specific product release.

func (*Client) GetCVE

func (c *Client) GetCVE(cveID string) (*CVEInfo, error)

GetCVE retrieves full vulnerability data for a specific CVE

func (*Client) GetCVEFixes

func (c *Client) GetCVEFixes(identifier string) (map[string]interface{}, error)

GetCVEFixes retrieves fix data for a specific CVE identifier

func (*Client) GetCVETimeline

func (c *Client) GetCVETimeline(identifier string, params TimelineParams) (map[string]interface{}, error)

GetCVETimeline retrieves the vulnerability timeline from the v1 API.

func (*Client) GetCVEsByDateRange

func (c *Client) GetCVEsByDateRange(start, end string) (map[string]interface{}, error)

GetCVEsByDateRange retrieves paginated CVEs by date range

func (*Client) GetEcosystemGroupPackage

func (c *Client) GetEcosystemGroupPackage(ecosystem, group, artifact string) (map[string]interface{}, error)

GetEcosystemGroupPackage retrieves Maven-style group/artifact information in a specific ecosystem

func (*Client) GetEcosystemPackage

func (c *Client) GetEcosystemPackage(ecosystem, pkg string) (map[string]interface{}, error)

GetEcosystemPackage retrieves package information scoped to a specific ecosystem

func (*Client) GetEcosystemPackageVersions

func (c *Client) GetEcosystemPackageVersions(ecosystem, pkg string) (map[string]interface{}, error)

GetEcosystemPackageVersions retrieves version information for a package in a specific ecosystem

func (*Client) GetEcosystems

func (c *Client) GetEcosystems() ([]Ecosystem, error)

GetEcosystems retrieves the list of available ecosystems

func (*Client) GetExploitSources

func (c *Client) GetExploitSources() (map[string]interface{}, error)

GetExploitSources retrieves the list of exploit intelligence sources

func (*Client) GetExploitTypes

func (c *Client) GetExploitTypes() (map[string]interface{}, error)

GetExploitTypes retrieves the list of exploit type classifications

func (*Client) GetExploits

func (c *Client) GetExploits(identifier string) (map[string]interface{}, error)

GetExploits retrieves exploit intelligence for a specific CVE identifier

func (*Client) GetFixDistributions

func (c *Client) GetFixDistributions() (map[string]interface{}, error)

GetFixDistributions retrieves the list of supported Linux distributions for fix advisories

func (*Client) GetGCVEIssuances

func (c *Client) GetGCVEIssuances(year, month, limit, offset int) (*GCVEIssuancesResponse, error)

GetGCVEIssuances retrieves GCVE issuances for a given year/month with pagination

func (*Client) GetHealth

func (c *Client) GetHealth() (map[string]interface{}, error)

GetHealth checks the API health endpoint (unauthenticated, root-level path).

func (*Client) GetIdentifiersByMonth

func (c *Client) GetIdentifiersByMonth(year, month, limit, offset int) (*IdentifiersMonthResponse, error)

GetIdentifiersByMonth retrieves CVE identifiers published in a given year/month

func (*Client) GetMetricTypes

func (c *Client) GetMetricTypes() (map[string]interface{}, error)

GetMetricTypes retrieves the list of vulnerability metric/scoring types

func (*Client) GetOpenAPISpec

func (c *Client) GetOpenAPISpec() (map[string]interface{}, error)

GetOpenAPISpec retrieves the OpenAPI specification

func (*Client) GetPackageVersions

func (c *Client) GetPackageVersions(packageName string) (map[string]interface{}, error)

GetPackageVersions retrieves all known versions for a package across ecosystems

func (*Client) GetPackageVulnerabilities

func (c *Client) GetPackageVulnerabilities(packageName string, limit, offset int) (*VulnerabilitiesResponse, error)

GetPackageVulnerabilities retrieves vulnerabilities for a package

func (*Client) GetProductVersion

func (c *Client) GetProductVersion(productName, version string) (map[string]interface{}, error)

GetProductVersion retrieves information for a specific product version

func (*Client) GetProductVersionEcosystem

func (c *Client) GetProductVersionEcosystem(productName, version, ecosystem string) (map[string]interface{}, error)

GetProductVersionEcosystem retrieves product version information scoped to a specific ecosystem

func (*Client) GetProductVersions

func (c *Client) GetProductVersions(productName string, limit, offset int) (*ProductVersionsResponse, error)

GetProductVersions retrieves all versions for a product with pagination

func (*Client) GetSources

func (c *Client) GetSources() (map[string]interface{}, error)

GetSources retrieves the list of vulnerability data sources

func (*Client) GetSummary

func (c *Client) GetSummary() (map[string]interface{}, error)

GetSummary retrieves global all-time database statistics.

func (*Client) GetToken

func (c *Client) GetToken() (string, error)

GetToken retrieves a valid JWT token (from cache or by requesting a new one)

func (*Client) GetTrafficFilters

func (c *Client) GetTrafficFilters(identifier string, limit, offset int) (map[string]interface{}, error)

GetTrafficFilters retrieves IDS/IPS traffic filter rules (Snort) for a vulnerability.

func (*Client) SearchExploits

func (c *Client) SearchExploits(params ExploitSearchParams) (map[string]interface{}, error)

SearchExploits searches for exploits across CVEs with pagination and filters

func (*Client) SearchIdentifiers

func (c *Client) SearchIdentifiers(prefix string, limit, offset int) (*IdentifiersSearchResponse, error)

SearchIdentifiers retrieves CVE identifiers matching a prefix

func (*Client) SearchPackages

func (c *Client) SearchPackages(query, ecosystem string, limit, offset int) (map[string]interface{}, error)

SearchPackages performs a full-text search across packages

func (*Client) V2Advisories

func (c *Client) V2Advisories(id string) (map[string]interface{}, error)

V2Advisories retrieves advisory data for a vulnerability.

func (*Client) V2Affected

func (c *Client) V2Affected(id string, p V2QueryParams) (map[string]interface{}, error)

V2Affected retrieves affected product/package data for a vulnerability.

func (*Client) V2CloudLocators

func (c *Client) V2CloudLocators(vendor, product string) (map[string]interface{}, error)

V2CloudLocators retrieves cloud resource locator templates for a vendor/product pair.

func (*Client) V2CweGuidance

func (c *Client) V2CweGuidance(id string) (map[string]interface{}, error)

V2CweGuidance retrieves CWE-based guidance for a vulnerability.

func (*Client) V2DistributionPatches

func (c *Client) V2DistributionPatches(id string, p V2QueryParams) (map[string]interface{}, error)

V2DistributionPatches retrieves distribution patch data for a vulnerability.

func (*Client) V2Kev

func (c *Client) V2Kev(id string) (map[string]interface{}, error)

V2Kev retrieves CISA KEV (Known Exploited Vulnerabilities) data.

func (*Client) V2RegistryFixes

func (c *Client) V2RegistryFixes(id string, p V2QueryParams) (map[string]interface{}, error)

V2RegistryFixes retrieves registry-sourced fixes for a vulnerability.

func (*Client) V2RemediationPlan

func (c *Client) V2RemediationPlan(id string, p V2RemediationParams) (map[string]interface{}, error)

V2RemediationPlan retrieves a context-aware remediation plan for a vulnerability.

func (*Client) V2ScanCycloneDX

func (c *Client) V2ScanCycloneDX(filePath string, metadata ...[]byte) (map[string]interface{}, error)

V2ScanCycloneDX uploads a CycloneDX document for scanning. An optional metadata parameter (JSON bytes) is sent as a query parameter.

func (*Client) V2ScanManifest

func (c *Client) V2ScanManifest(filePath, manifestType, ecosystem string, metadata ...[]byte) (map[string]interface{}, error)

V2ScanManifest uploads a manifest file for scanning. An optional metadata parameter (JSON bytes) is sent as the "metadata" form field.

func (*Client) V2ScanSPDX

func (c *Client) V2ScanSPDX(filePath string, metadata ...[]byte) (map[string]interface{}, error)

V2ScanSPDX uploads an SPDX document for scanning. An optional metadata parameter (JSON bytes) is sent as a query parameter.

func (*Client) V2ScanStatus

func (c *Client) V2ScanStatus(scanID string) (map[string]interface{}, error)

V2ScanStatus retrieves the status of a scan.

func (*Client) V2Scorecard

func (c *Client) V2Scorecard(id string) (map[string]interface{}, error)

V2Scorecard retrieves the vulnerability scorecard.

func (*Client) V2ScorecardSearch

func (c *Client) V2ScorecardSearch(query string) (map[string]interface{}, error)

V2ScorecardSearch searches scorecards by repository name.

func (*Client) V2SourceFixes

func (c *Client) V2SourceFixes(id string, p ...V2QueryParams) (map[string]interface{}, error)

V2SourceFixes retrieves upstream source fixes for a vulnerability.

func (*Client) V2Timeline

func (c *Client) V2Timeline(id string, p V2TimelineParams) (map[string]interface{}, error)

V2Timeline retrieves the vulnerability timeline with optional filters.

func (*Client) V2Workarounds

func (c *Client) V2Workarounds(id string) (map[string]interface{}, error)

V2Workarounds retrieves workaround information for a vulnerability.

type CritLookupExploits

// CritLookupExploits contains exploit intelligence summary for a matched
// CRIT record (see CritLookupMatch.ExploitSummary).
type CritLookupExploits struct {
	Count   int      `json:"count"`             // number of exploit records summarised
	Sources []string `json:"sources,omitempty"` // reporting sources; absent from the JSON when empty
}

CritLookupExploits contains exploit intelligence summary.

type CritLookupKev

// CritLookupKev contains CISA KEV metadata. The JSON keys mirror the
// attribute names of the CISA Known Exploited Vulnerabilities catalog.
type CritLookupKev struct {
	DateAdded                  string `json:"dateAdded"`                            // date the entry was added to the KEV catalog
	DueDate                    string `json:"dueDate,omitempty"`                    // remediation due date as published by CISA
	KnownRansomwareCampaignUse string `json:"knownRansomwareCampaignUse,omitempty"` // CISA's ransomware-use flag, as a string
	RequiredAction             string `json:"requiredAction,omitempty"`             // CISA's required remediation action text
}

CritLookupKev contains CISA KEV metadata.

type CritLookupMatch

// CritLookupMatch is a single matched CRIT record with enrichment data.
//
// The pointer fields are nil when the corresponding section is absent from
// the response (omitempty), so callers must nil-check Kev and ExploitSummary.
type CritLookupMatch struct {
	Crit           CritRecord            `json:"crit"`                      // the matched template record
	VulnID         string                `json:"vuln_id"`                   // primary vulnerability identifier
	Aliases        []string              `json:"aliases,omitempty"`         // alternative identifiers for the same vulnerability
	Kev            *CritLookupKev        `json:"kev,omitempty"`             // nil unless the vulnerability has KEV data
	ExploitSummary *CritLookupExploits   `json:"exploit_summary,omitempty"` // nil unless exploit intelligence is attached
	SnortRules     []CritLookupSnortRule `json:"snort_rules,omitempty"`     // IDS rules associated with the vulnerability
}

CritLookupMatch is a single matched CRIT record with enrichment data.

type CritLookupResponse

// CritLookupResponse is the response from POST /v1/crit/lookup (see
// Client.CritLookup).
type CritLookupResponse struct {
	Count   int               `json:"count"`   // number of matches returned
	Matches []CritLookupMatch `json:"matches"` // matched records with enrichment
}

CritLookupResponse is the response from POST /v1/crit/lookup.

type CritLookupSnortRule

// CritLookupSnortRule contains an IDS detection rule in Snort format.
type CritLookupSnortRule struct {
	SnortID           string `json:"snortId"`                     // rule identifier
	Msg               string `json:"msg"`                         // the rule's msg text
	SignatureSeverity string `json:"signatureSeverity,omitempty"` // severity label attached to the signature, when provided
	RawText           string `json:"rawText,omitempty"`           // full rule text, when provided
}

CritLookupSnortRule contains an IDS detection rule.

type CritRecord

// CritRecord represents a CRIT (Cloud Resource Inventory Template) record.
//
// Provider, Service and ResourceType are the three components used to
// address a template in Client.CritLookup (e.g. "aws", "ec2", "instance").
type CritRecord struct {
	VectorString         string `json:"vectorString"`          // CRIT vector string
	VulnID               string `json:"vuln_id"`               // vulnerability identifier the record applies to
	Provider             string `json:"provider"`              // cloud provider
	Service              string `json:"service"`               // provider service
	ResourceType         string `json:"resource_type"`         // resource type within the service
	VexStatus            string `json:"vex_status"`            // VEX exploitability status as reported by the API
	SharedResponsibility string `json:"shared_responsibility"` // presumably which party (provider/customer) owns remediation — confirm
}

CritRecord represents a CRIT (Cloud Resource Inventory Template) record.

type EOLProductDetail

// EOLProductDetail contains product metadata for an EOL product.
type EOLProductDetail struct {
	Name     string   `json:"name"`     // canonical product name (the {product} path component)
	Label    string   `json:"label"`    // human-readable display label
	Category string   `json:"category"` // product category
	Tags     []string `json:"tags"`     // free-form tags
}

EOLProductDetail contains product metadata.

type EOLProductResponse

// EOLProductResponse is the response from GET /v1/eol/products/{product}
// (see Client.EOLProduct).
type EOLProductResponse struct {
	Timestamp int64              `json:"timestamp"` // server timestamp; unit not specified here — confirm
	Product   EOLProductDetail   `json:"product"`   // product metadata
	Releases  []EOLReleaseDetail `json:"releases"`  // all known releases of the product
}

EOLProductResponse is the response from GET /v1/eol/products/{product}.

type EOLReleaseDetail

// EOLReleaseDetail contains lifecycle data for a single release.
//
// Pointer fields with omitempty distinguish "not reported" (nil) from an
// empty or false value; callers must nil-check them before dereferencing.
// Dates are strings as returned by the API and are not parsed here.
type EOLReleaseDetail struct {
	Name             string  `json:"name"`                       // release name
	Codename         *string `json:"codename,omitempty"`         // nil when the release has no codename
	Label            string  `json:"label"`                      // display label
	ReleaseDate      *string `json:"releaseDate,omitempty"`      // nil when unknown
	IsLts            bool    `json:"isLts"`                      // long-term support release
	LtsFrom          *string `json:"ltsFrom,omitempty"`          // date LTS status began, when reported
	IsEoas           bool    `json:"isEoas"`                     // end of active support reached
	EoasFrom         *string `json:"eoasFrom,omitempty"`         // date active support ended, when reported
	IsEol            bool    `json:"isEol"`                      // end of life reached
	EolFrom          *string `json:"eolFrom,omitempty"`          // date EOL status began, when reported
	IsEoes           *bool   `json:"isEoes,omitempty"`           // end of extended support; nil when not applicable
	EoesFrom         *string `json:"eoesFrom,omitempty"`         // date extended support ended, when reported
	IsDiscontinued   *bool   `json:"isDiscontinued,omitempty"`   // nil when not applicable
	DiscontinuedFrom *string `json:"discontinuedFrom,omitempty"` // date of discontinuation, when reported
	IsMaintained     bool    `json:"isMaintained"`               // still receiving maintenance
	LatestVersion    *string `json:"latestVersion,omitempty"`    // newest version on this release line, when reported
	LatestDate       *string `json:"latestDate,omitempty"`       // date of that newest version, when reported
}

EOLReleaseDetail contains lifecycle data for a single release.

type EOLReleaseResponse

// EOLReleaseResponse is the response from
// GET /v1/eol/products/{product}/releases/{release} (see Client.EOLRelease).
// It is also the return type of Client.EOLPackageVersion.
type EOLReleaseResponse struct {
	Timestamp   int64            `json:"timestamp"`   // server timestamp; unit not specified here — confirm
	ProductName string           `json:"productName"` // product the release belongs to
	Release     EOLReleaseDetail `json:"release"`     // lifecycle data for the requested release
}

EOLReleaseResponse is the response from GET /v1/eol/products/{product}/releases/{release}.

type Ecosystem

// Ecosystem represents a single ecosystem entry as returned by
// Client.GetEcosystems.
type Ecosystem struct {
	Name  string `json:"name"`  // ecosystem name
	Count int    `json:"count"` // count reported by the API for this ecosystem (what is counted is not specified here)
}

Ecosystem represents a single ecosystem entry

type EcosystemsResponse

// EcosystemsResponse represents the ecosystems list response; GetEcosystems
// returns only the Ecosystems slice from it.
type EcosystemsResponse struct {
	Timestamp  int64       `json:"timestamp"`  // server timestamp; unit not specified here — confirm
	Ecosystems []Ecosystem `json:"ecosystems"` // available ecosystems
}

EcosystemsResponse represents the ecosystems list response

type ErrorResponse

// ErrorResponse represents an API error response.
//
// Error and Details are server-supplied strings; treat them as untrusted
// text (no structure is guaranteed) when surfacing them to the user.
type ErrorResponse struct {
	Success bool   `json:"success"`           // false on error responses, presumably
	Error   string `json:"error"`             // short error message
	Details string `json:"details,omitempty"` // optional additional context
}

ErrorResponse represents an API error response

type ExploitSearchParams

// ExploitSearchParams holds parameters for the exploit search endpoint
// (see Client.SearchExploits). All fields are optional filters; zero values
// are presumably omitted from the query — confirm in SearchExploits.
type ExploitSearchParams struct {
	Limit     int    // page size
	Offset    int    // page offset
	Ecosystem string // restrict to a package ecosystem
	Source    string // restrict to an exploit source (see GetExploitSources)
	Severity  string // restrict by severity
	Sort      string // sort key
	Query     string // free-text query
	InKev     string // KEV membership filter, passed as a string as received
	MinEpss   string // minimum EPSS score, passed as a string as received
}

type GCVEIssuanceIdentifier

// GCVEIssuanceIdentifier represents a single GCVE issuance record.
type GCVEIssuanceIdentifier struct {
	GcveID        string `json:"gcveId"`        // GCVE identifier
	CveID         string `json:"cveId"`         // corresponding CVE identifier, if any
	DatePublished int64  `json:"datePublished"` // publication timestamp; unit not specified here — confirm
}

GCVEIssuanceIdentifier represents a single GCVE issuance record

type GCVEIssuancesResponse

// GCVEIssuancesResponse represents the paginated GCVE issuances response
// (see Client.GetGCVEIssuances).
type GCVEIssuancesResponse struct {
	Timestamp   int64                    `json:"timestamp"`   // server timestamp; unit not specified here — confirm
	Year        int                      `json:"year"`        // requested year
	Month       int                      `json:"month"`       // requested month
	Total       int                      `json:"total"`       // total records across all pages
	Limit       int                      `json:"limit"`       // page size applied
	Offset      int                      `json:"offset"`      // page offset applied
	HasMore     bool                     `json:"hasMore"`     // further pages exist
	Identifiers []GCVEIssuanceIdentifier `json:"identifiers"` // records on this page
}

GCVEIssuancesResponse represents the paginated GCVE issuances response

type IdentifiersMonthResponse

// IdentifiersMonthResponse represents the paginated CVE identifiers response
// by month (see Client.GetIdentifiersByMonth).
type IdentifiersMonthResponse struct {
	Timestamp   int64    `json:"timestamp"`   // server timestamp; unit not specified here — confirm
	Year        int      `json:"year"`        // requested year
	Month       int      `json:"month"`       // requested month
	Total       int      `json:"total"`       // total identifiers across all pages
	Limit       int      `json:"limit"`       // page size applied
	Offset      int      `json:"offset"`      // page offset applied
	HasMore     bool     `json:"hasMore"`     // further pages exist
	Identifiers []string `json:"identifiers"` // CVE identifiers on this page
}

IdentifiersMonthResponse represents the paginated CVE identifiers response by month

type IdentifiersSearchResponse

// IdentifiersSearchResponse represents the paginated CVE identifiers search
// response (see Client.SearchIdentifiers).
type IdentifiersSearchResponse struct {
	Timestamp   int64    `json:"timestamp"`   // server timestamp; unit not specified here — confirm
	Prefix      string   `json:"prefix"`      // the prefix that was searched
	Total       int      `json:"total"`       // total matches across all pages
	Limit       int      `json:"limit"`       // page size applied
	Offset      int      `json:"offset"`      // page offset applied
	HasMore     bool     `json:"hasMore"`     // further pages exist
	Identifiers []string `json:"identifiers"` // matching CVE identifiers on this page
}

IdentifiersSearchResponse represents the paginated CVE identifiers search response

type NotFoundError

// NotFoundError is returned when the API responds with 404. Callers should
// detect it with errors.As rather than string matching.
//
// Note that Client.EOLPackageVersion documents returning (nil, nil) on 404
// instead of this error, so callers of that method cannot rely on it.
type NotFoundError struct {
	Message string // server-supplied or synthesised description of what was not found
}

NotFoundError is returned when the API responds with 404.

func (*NotFoundError) Error

func (e *NotFoundError) Error() string

type ProductVersionsResponse

// ProductVersionsResponse represents product versions with pagination
// (see Client.GetProductVersions).
type ProductVersionsResponse struct {
	PackageName string          `json:"packageName"` // product/package the versions belong to
	Timestamp   int64           `json:"timestamp"`   // server timestamp; unit not specified here — confirm
	Total       int             `json:"total"`       // total versions across all pages
	Limit       int             `json:"limit"`       // page size applied
	Offset      int             `json:"offset"`      // page offset applied
	HasMore     bool            `json:"hasMore"`     // further pages exist
	Versions    []VersionRecord `json:"versions"`    // versions on this page
}

ProductVersionsResponse represents product versions with pagination

type RateLimitInfo

// RateLimitInfo holds rate limit data returned in API response headers.
// Headers are informational — the CLI never enforces limits based on them;
// only actual HTTP 429 responses trigger retry/backoff. Because the values
// are client-visible hints rather than enforcement, do not build quota
// decisions on them.
type RateLimitInfo struct {
	DayLimit   int    // RateLimit-DayLimit  (0 = unlimited)
	Remaining  int    // RateLimit-Remaining (-1 = unlimited)
	Reset      int    // RateLimit-Reset     (Unix epoch seconds)
	Plan       string // X-VDB-Plan          (community/pro/teams/enterprise)
	SoftLimits bool   // X-Softlimits        (true = advisory only, never blocked)
	Present    bool   // presumably true when the rate-limit headers were seen on the response — confirm
}

RateLimitInfo holds rate limit data returned in API response headers. Headers are informational — the CLI never enforces limits based on them; only actual HTTP 429 responses trigger retry/backoff.

type TimelineParams

// TimelineParams holds filter parameters for the /vuln/{id}/timeline
// endpoint (see Client.GetCVETimeline). Its field set is identical to
// V2TimelineParams, which serves the v2 timeline endpoint.
type TimelineParams struct {
	Include     string // comma-separated event types to include
	Exclude     string // comma-separated event types to exclude
	Dates       string // comma-separated CVE date fields: published,modified,reserved
	ScoresLimit int    // max score-change events (default 30, max 365)
}

ExploitSearchParams holds parameters for the exploit search endpoint (this sentence documents the ExploitSearchParams type above; its doc comment appears to be attached to the wrong declaration in the source). TimelineParams holds filter parameters for the /vuln/{id}/timeline endpoint.

type TokenCache

// TokenCache stores the JWT token and its expiration so that GetToken can
// reuse a token until it expires instead of requesting a new one.
//
// Token is credential material: keep it out of logs and error messages.
type TokenCache struct {
	Token     string    // cached JWT
	ExpiresAt time.Time // instant after which the token is no longer considered valid
}

TokenCache stores the JWT token and its expiration

type TokenResponse

// TokenResponse represents the JWT token response. Iss, Sub and Exp are
// echoed alongside the token and mirror the standard JWT claim names.
//
// Token is credential material: keep it out of logs and error messages.
type TokenResponse struct {
	Token string `json:"token"` // the issued JWT
	Iss   string `json:"iss"`   // issuer
	Sub   string `json:"sub"`   // subject
	Exp   int64  `json:"exp"`   // expiry; presumably a Unix timestamp as in the JWT exp claim — confirm
}

TokenResponse represents the JWT token response

type V2QueryParams

// V2QueryParams holds common context-filter query parameters for V2
// endpoints. All fields are optional; zero values are presumably omitted
// from the query string — confirm in the V2 methods.
type V2QueryParams struct {
	Ecosystem   string // package ecosystem filter
	PackageName string // package name filter
	Vendor      string // vendor filter
	Product     string // product filter
	Distro      string // Linux distribution filter
	Purl        string // package URL (purl) filter
	Limit       int    // page size
	Offset      int    // page offset
}

V2QueryParams holds common context-filter query parameters for V2 endpoints.

type V2RemediationParams

// V2RemediationParams extends V2QueryParams with remediation-plan-specific
// parameters (see Client.V2RemediationPlan). The embedded V2QueryParams
// supplies the common context filters.
type V2RemediationParams struct {
	V2QueryParams
	CurrentVersion           string // version currently deployed
	PackageManager           string // package manager in use
	ContainerImage           string // container image context
	OS                       string // operating system context
	Registry                 string // package registry context
	IncludeGuidance          bool   // request guidance text in the plan
	IncludeVerificationSteps bool   // request post-remediation verification steps
}

V2RemediationParams extends V2QueryParams with remediation-plan-specific parameters.

type V2TimelineParams

// V2TimelineParams holds filter parameters for the v2 timeline endpoint
// (see Client.V2Timeline).
//
// NOTE(review): the field set is identical to TimelineParams; the two
// types could share a definition if the endpoints accept the same filters.
type V2TimelineParams struct {
	Include     string // comma-separated event types to include
	Exclude     string // comma-separated event types to exclude
	Dates       string // comma-separated CVE date fields: published,modified,reserved
	ScoresLimit int    // max score-change events (default 30, max 365)
}

V2TimelineParams holds filter parameters for the v2 timeline endpoint.

type VersionRecord

// VersionRecord represents a single version entry with ecosystem and sources.
type VersionRecord struct {
	Version   string          `json:"version"`          // version string as reported
	Ecosystem string          `json:"ecosystem"`        // ecosystem the version belongs to
	Sources   []VersionSource `json:"sources"`          // data sources that reported this version
	CVEIDs    []string        `json:"cveIds,omitempty"` // CVEs affecting this version, when provided
}

VersionRecord represents a single version entry with ecosystem and sources

type VersionSource

// VersionSource represents a data source entry for a product version.
type VersionSource struct {
	SourceTable string                 `json:"sourceTable"`        // source table name
	SourceID    string                 `json:"sourceId"`           // record identifier within that source
	Metadata    map[string]interface{} `json:"metadata,omitempty"` // source-specific extra data; nil when absent
}

VersionSource represents a data source entry for a product version

type VulnerabilitiesResponse

// VulnerabilitiesResponse represents vulnerabilities for a package
// (see Client.GetPackageVulnerabilities).
//
// Depending on the API path the records arrive under either the "versions"
// or the "vulnerabilities" key, so callers should check both Versions and
// Vulnerabilities. RawData is excluded from JSON output (json:"-").
type VulnerabilitiesResponse struct {
	PackageName     string          `json:"packageName"`     // package queried
	Timestamp       int64           `json:"timestamp"`       // server timestamp; unit not specified here — confirm
	TotalCVEs       int             `json:"totalCVEs"`       // total distinct CVEs across all pages
	Total           int             `json:"total"`           // total records across all pages
	Limit           int             `json:"limit"`           // page size applied
	Offset          int             `json:"offset"`          // page offset applied
	HasMore         bool            `json:"hasMore"`         // further pages exist
	Versions        []VersionRecord `json:"versions"`        // records on this page
	Vulnerabilities []VersionRecord `json:"vulnerabilities"` // alternative key used by some API paths
	RawData         interface{}     `json:"-"`               // full parsed response for fallback display
}

VulnerabilitiesResponse represents vulnerabilities for a package
